//package com.xyz.config;
//
//import com.fasterxml.jackson.databind.ObjectMapper;
//import com.xyz.entity.R;
//import com.xyz.filter.TokenAuthenticationFilter;
//import com.xyz.filter.TokenLoginFilter;
//import com.xyz.security.DefaultPasswordEncoder;
//import com.xyz.security.TokenLogoutHandler;
//import com.xyz.security.TokenManager;
//import com.xyz.security.UnauthorizedEntryPoint;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.data.redis.core.RedisTemplate;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
//import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
//import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.web.SecurityFilterChain;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
//@Configuration
//@EnableWebSecurity
//@EnableMethodSecurity(prePostEnabled = true)
//public class TokenWebSecurityConfig {
//
//    private final UserDetailsService userDetailsService;
//    private final DefaultPasswordEncoder defaultPasswordEncoder;
//    private final TokenManager tokenManager;
//    private final RedisTemplate<String, Object> redisTemplate;
//
//    public TokenWebSecurityConfig(UserDetailsService userDetailsService,
//                                  DefaultPasswordEncoder defaultPasswordEncoder,
//                                  TokenManager tokenManager,
//                                  RedisTemplate<String, Object> redisTemplate) {
//        this.userDetailsService = userDetailsService;
//        this.defaultPasswordEncoder = defaultPasswordEncoder;
//        this.tokenManager = tokenManager;
//        this.redisTemplate = redisTemplate;
//    }
//
//    @Bean
//    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
//        http
//                .csrf(csrf -> csrf.disable())
//                .authorizeHttpRequests(authz -> authz
//                        .requestMatchers("/admin/acl/login").permitAll()
//                        .requestMatchers("/admin/acl/**").authenticated()
//                        .anyRequest().permitAll()
//                )
//                .exceptionHandling(exception -> exception
//                        .authenticationEntryPoint(new UnauthorizedEntryPoint())
//                )
//                .logout(logout -> logout
//                        .logoutUrl("/admin/acl/index/logout")
//                        .addLogoutHandler(new TokenLogoutHandler(tokenManager, redisTemplate))
//                        .logoutSuccessHandler((request, response, authentication) -> {
//                            // 登出成功时返回JSON响应
//                            response.setContentType("application/json;charset=UTF-8");
//                            response.getWriter().write(new ObjectMapper().writeValueAsString(R.ok()));
//                        })
//                )
//                .sessionManagement(session -> session
//                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                )
//                // 禁用默认的表单登录和HTTP Basic认证
//                .formLogin(form -> form.disable())
//                .httpBasic(basic -> basic.disable())
//                // 添加自定义过滤器
//                .addFilterBefore(tokenLoginFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class)
//                .addFilterBefore(tokenAuthenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
//
//        return http.build();
//    }
//
//    @Bean
//    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
//        return config.getAuthenticationManager();
//    }
//
//    @Bean
//    public DaoAuthenticationProvider authenticationProvider() {
//        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
//        authProvider.setUserDetailsService(userDetailsService);
//        authProvider.setPasswordEncoder(defaultPasswordEncoder);
//        return authProvider;
//    }
//
//    @Bean
//    public TokenLoginFilter tokenLoginFilter(AuthenticationManager authenticationManager) {
//        return new TokenLoginFilter(authenticationManager, tokenManager, redisTemplate);
//    }
//
//    @Bean
//    public TokenAuthenticationFilter tokenAuthenticationFilter(AuthenticationManager authenticationManager) {
//        return new TokenAuthenticationFilter(authenticationManager, tokenManager, redisTemplate);
//    }
//
//    @Bean
//    public WebSecurityCustomizer webSecurityCustomizer() {
//        return (web) -> web.ignoring().requestMatchers(
//                "/api/**",
//                "/swagger-resources/**",
//                "/webjars/**",
//                "/v2/**",
//                "/swagger-ui.html/**",
//                "/swagger-ui/**"
//        );
//    }
//}